Can't renew a certificat with certbot SysCallError(-1, 'Unexpected EOF')

_Ant0 · May 9, 2021, 4:25pm

Hello,

For some reason I can't renew a certificat with certbot.
I think I can't contact de ACME api.

My domain is: zoulette.ovh

I ran this command:
certbot --dns-ovh --dns-ovh-credentials ~/.ovhapi -d zoulette.ovh -d *.zoulette.ovh

It produced this output: :

During handling of the above exception, another exception occurred:

requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: SysCallError(-1, 'Unexpected EOF')")))
Please see the logfiles in /var/log/letsencrypt for more details.

I try to diectly request the api:

curl https://acme-v02.api.letsencrypt.org/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443

The operating system my web server runs on is (include version): debian 10

My hosting provider, if applicable, is: OVH

The version of my client is:
sudo certbot --version
certbot 0.31.0

If anyone has an idea I'm interested

rg305 · May 9, 2021, 4:33pm

Hi @_Ant0, and welcome to the LE community forum
[and Happy Mother's Day to all the mothers in your life]

I would start by upgrading certbot:

_Ant0 · May 9, 2021, 5:15pm

Hi! Thanks for the welcome!

Indeed the version is a bit old ^^ I switched to a new one with docker (certbot/dns-ovh/).

I ran this command:
certbot certonly --dns-ovh --dns-ovh-credentials ~/.ovhapi -d zoulette.ovh -d *.zoulette.ovh

I got this error:
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f5fd2adb640>: Failed to establish a new connection: [Errno -3] Try again'))
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f5fd2adb640>: Failed to establish a new connection: [Errno -3] Try again'))

rg305 · May 9, 2021, 7:13pm

hmm...
please show:
certbot --version
which certbot
curl -Ik4 http://acme-v02.api.letsencrypt.org/
curl -Ik6 http://acme-v02.api.letsencrypt.org/

_Ant0 · May 9, 2021, 7:37pm

Yes of course !
Here are the command outputs:

cerbot --version
certbot 1.15.0

 which certbot
/usr/local/bin/certbot

curl -Ik4 http://acme-v02.api.letsencrypt.org/
curl: (56) Recv failure: Connection reset by peer

curl -Ik6 http://acme-v02.api.letsencrypt.org/
curl: (7) Couldn't connect to server

petercooperjr · May 9, 2021, 8:04pm

You may be running into the DDoS-mitigation blocking:

@lestaff, can you take a look?

JamesLE · May 9, 2021, 9:23pm

Yes, it looks like the site's IP address (which is probably where Certbot was running) had been blocked as a DDoS mitigation. It's now unblocked. Sorry about the trouble!

rg305 · May 9, 2021, 11:24pm

[I'm pretty sure this is just a symlink to the snap version... but to be 100% certain]

What shows:
ls -l /usr/local/bin/certbot

_Ant0 · May 10, 2021, 4:45pm

Hello,

Thanks cerbot can now contact the API

system · June 9, 2021, 4:45pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.